OSINT Cheat-Sheet 

m 

Investigative Resources - Summer 2019 

IntelTechniques 

.com 

Methodology | Preparation | Execution | Documentation 


Pre-Operational Considerations 


Ethical and Legal Assessment 


Deliverables and Scope 


Workspace & Tools 


Clean/Secure Workstation 


Clean/Secure Connectivity 


Time and Resource Constraints 


Exposure/Risk Factors 


Adversary Sophistication 


Communication and Sit-reps 


Control Expectations 


Fresh Research Accounts 


Clean Browser w/Extensions 


Collection Tools 


Documentation System 


Storage/Archiving Solution 



Define The Question 


OSINT Resources 


OSINTFramework.com 


OSINTBrowser.com 


Document Your "Knowns" 


Set Up Collection 


Query, Sweep, and Pivot 


Netbootcamp.org 


Workinukraine.space 


lnvestigativedashboard.org 


Consolidate Findings 


Complete Reporting and Archive 


Start. me/p/b56xX8/osint 
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Tab Management 


Useful Browser Extensions 


https://www.one-tab.com/ (Local Storage Only) 

Simple Tab Management/Export For Chrome and Firefox 


http://www.gettoby.com/ (Account Bases w/Sync) 
Thumbnailed Tab Management For Chrome and Firefox 


https://chrome.google.com/webstore/detail/graphitabs/dcfclemgmkccmnpgn- 

ldhldimflphkimp?hl=en GraphiTabs - Tree View of Tabs 


https://clusterwm.com/ 

Simple Tab Manager w/Export (Sync Premium Offered) 


http://tabsoutliner.com/ 

Tab Management - Outline Format, Export, Sync (Paid version) 


https://www.gettabli.com/ 

Simple, Private (offline-storage only) Tab Management 


Link Analysis/Visualization 


https://www.paterva.com/buv/maltego-clients.php 

Maltego CE and CaseFile 


https://vis.occrp.org/ 

Create Link Charts - Organized Crime & Corruption Project 


https://gephi.org/ 

http://www.automatingosint.com/blog/category/gephi/ 


https://www xmind.net/ 

Mind Mapping - Free and Paid Versions 


https://medium.com/ (5)raebaker/using-lampvre-for-basic-email- 
and-phone-number-osint-e0e36c710880 (Lam pyre) 


http://www.visualsitemapper.com/ 

Domain Mapping 


https://www.draw.io/ 

https://github.com/michenriksen/drawio-threatmodeling 


https://github.com/woi-ciech/Danger-zone 

Link IPs, Domains, and Email Addresses 


https://www.mindmup.com/ 

Mind Mapping - Free and Paid Tiers 


https://www.nodexlgraphgallerv.org/Pages/Registration.aspx 

Powerful Graphing Client - Free and Paid Tiers 


https://www.onenote.com/clipper 

Screen Capture and Tag (One-Note Users Only) 


https://getfireshot.com/ 

Screen Capture and Annotation (as image or pdf) 


https://github.com/ssborbis/ContextSearch-web-ext 

Context Menu Search Menu 


http://www.osintbrowser.com/ 

OSINT Bookmarks 


https://github.com/azO/linkgopher/ 

Simple Link Extraction 


https://github.com/marklieberman/downloadstar 

Firefox - Download all items in a webpage that match a pattern 


https://github.eom/mozilla/multi-account-containers#readme 

Firefox - Multi-Account Containers (Compartmentalization) 


https://github.eom/mozilla/multi-account-containers#readme 

Firefox - Multi-Account Containers (Compartmentalization) 


https://webrobots.io/ 

Scrape YP, Yelp, Ebay, Amazon, etc. Save as Excel or CSV 


My Workstation Setup 


Workstation - Win 10, PIA/ProtonVPN, Chrome/Firefox, Vbox, Bus- 
cador/Kali, Nox/Geny, Hunch.ly, UC Cable/Mifi, Keypass, Malware- 
bytes, Glasswire 


Mobile - iPhone, MySudo, Signal, Wire 

- Android, burner, unlocked, on Mint sim kit 


Email/Payments - Prontonmail, GMX, Fastmail, Blur, 33mail, Priva- 
cy.com. Vanilla Visa 


Office Software - Libre, OneNote, Notepad++, CherryTree, Stan¬ 
dard Notes, Paper notebook, Teams/Slack/Mattermost/Rocket 


Alt-Hardware: MacBook Air, Atom Text Editor, VMware Fusion, 
Chrome/Firefox, Little Snitch 


Hypervisors: Virtualbox, Buscador Linux, Kali Linux, Genymotion, 
Nox 
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Google Operators 


jj Remember we can string multiple operators together § 

site: 

Limit results to those from a specific domain site:apple. 

com 

a n 

Quotes indicate search for exact term "red rider BB gun" 

AND 

Only show results for both terms apple AND orange 

OR 

Search for term A, term B, or both. A pipe symbol is the 
same as OR. gun OR rifle is the same as gun | rifle 

* 

Wildcard for words in a phrase that you don't know wish 
* a star 

( ) 

Group a set of words/operators separately (gun | pistol) 

ammo 

- 

Exclude results including this word Chicago baseball 
-cubs 

$ 

Search for a certain price "apple watch" $299 

cache: 

Most recent cached version of a domain cache:boston. 

gov 

filetype: 

Only search for specific filetype, ext: works the same 

filetype:pdf "confidential" or ext:pdf "confidential" 

related: 

Search for sites related to a domain related:sony.com 

intitle: 

Find pages with a term in the page title intitle:sabotage 

inurl: 

Find pages with a term in the url inurkprivate 

around(x) 

Find pages with terms in X words proximity of each oth¬ 
er microsoft (7) surface 

info: 

Sometimes shows related pages, cache date etc. in- 

fo:chicago.gov 

Adv. Search 

https://www.google.com/advanced search 


Bing Operators 


Most of the Google operators work in Bing 


( ) 


OR 


NOT 


loc: 


prefer: 


near:x 


Just like Google, terms or operators grouped in paren¬ 
thesis are processed together and separate from other 
conditions 


All Bing searches are treated as AND searches unless 
you specify OR between terms goat OR pig OR cow 


Exclude results with a specific term(s) the - symbol also 
works boat NOT (raft OR ship) 


Return pages from a specific region(s) dogs (loc:GB OR 
loc: FR) 


Weight results in favor of a term prefer:tomato plum 
apple 


Words in x proximity of each other red near:4 blue 


More Operators: https://ahrefs.com/blog/google-ad- 
vanced-search-operators/ 


DuckDuckGo 


DuckDuckGo handles some operators a little differently 


Cats dogs 

Results about cats or dogs 

"cats and dogs" 

Results for exact term "cats and dogs". If no results are 
found, we’ll try to show related results. 

cats +dogs 

More dogs in results 

cats filetype:pdf 

PDFs about cats. Supported file types: pdf, doc(x), 
xls(x), ppt(x), html 

dogs site:exam- 
ple.com 

Pages about dogs from example.com 

Cats -site:exam- 
ple.com 

Pages about cats, excluding example.com 

intitle:dogs 

Page title includes the word "dogs" 

inurkcats 

Page url includes the word "cats" 

Startpage 

| Startpage makes Google requests on your behalf (privacy) 

Operators 

Most standard Google operators work 

Adv. Search 

https://www.startpage.com/en/advanced-search. 

HTML 

Search Tips 

https://support.startpage.com/index.phpP/Knowl- 

edgebase/List/lndex/1 


IP 


Finds sites hosted on an IP address ip:208.43.115.82 


site/domain: 


Filter for specific domain type site/.gov confidential 


feed: 


Finds RSS feeds based on search terms feed:osint 


Bing Adv. 


MS retired Bing's advanced search page 


info: https://www.lifewire.com/bing-advanced-search-3482817 


Yandex 


Most standard Boolean operators work (Google operators) such as site: 

and "quotes" 


Adv. Search 


lang: 


mime: 


date: 


url: 


Click the 


icon in the search bar 


Language filter ccn lang:fr 


Similar to filetype mime:docx gdpr 


Page modified date bombing date:20180416 


Similar to site: but adding a * to the end of 
the url pulls up any docs sharing that url 
url: Alice url:en.wikiquote.org/wiki/* 


special operators: https://yandex.com/support/direct/ 

KEYWORDS/SYM BOLS-AND-OPERATORS.HTML 


Baidu 

Most standard Google Operators work on Baidu | 

Adv. Search 

https://www. baidu.com/gaoii/advanced.html 

In English 

http://www.baiduinenglish.com/ 

Search Tips 

httDs://www.seomanda rin.com/baid u-search-tios.html 



Other International 

Consider using a proxy or VPN to appear in the target region | 

Adv. Search 

https://www.alexa.com/topsites/countries 

Colossus 

http://www.searchenginecolossus.com/ 

Occrp 

https://data.occrp.org/ 

Int. OSINT 

https://start.me/p/W2kwBd/sources-cntv 

UK 

https://investigativedashboard.org/databases/ 
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Twitter 


Facebook 


| Don't forget Google - "site:twitter.com keyword" ffj 

Advanced Search 

https://twitter.com/search-advanced If 

Toolset 

http://tweetbeaver.com/ 

User Report 

https://tinfoleak.com/ 

Analytics 

https://socialbearing.com/ 

Analytics 

https://analvtics.mentionmapp.com/ 

Analytics 

https://foller.me 

Analytics 

http://twiangulate.com/search/ 

Older Posts 

http://staringispolite.github.io/twavback-machine/ 

Search 

https://snapbird.org/ 

Followers 

https://doesfollow.com 

Video 

https://twdown.net/ 

Visualization 

https://treeverse.app/ 

Profile Changes 

https://spoonbill.io/ 

Mapping 

https://onemilliontweetmap.com 

Inteltechniques 

https://inteltechniques.com/menu/oages/twitter. 

tool.html 

Legal Requests 

https://help.twitter.com/en/rules-and-policies/twit- 


Snapchat 

User Search 

https://somesnapcode.com/ H 

User Search 

https://www.snapdex.com/ H 

Loc Search 

https://map.snapchat.com B 

Loc Search 

https://sovip.io H 

httDs://storaae.aooaleaDis.com/snaD-inc/Drivacv/lawenforcement.Ddf H 


Warning: Many of these tools may not function correctly as 
Facebook continues to kill graph search capabilty. https://www. 


vice.com/en ca/article/zmpamx/facebook-stops-araph-search 


FB Expand 

http://com.hemiola.com/bookmarklet/ 


Messenger 

https://www.messenger.com/ 

Mobile View 

https://rn.facebook.com/ 

FB Videos 

https://www.facebook.com/watch 

Video Download 

https://www.fbdown.net/index.oho 

Video Download 

https://www.tubeninia.net/how-to-download/face- 

book 

NetBootcamp 

http://netbootcamp.org/facebook.html 

(Warning: Netbootcamp.com does run tracking scripts) 

Research Tools 

http://www.researchclinic.net/facebook/ 

User->ID 

https://lookup-id.com/ 

(lookup-id.com runs some tracking scripts) 

Graph Search 

https://inteltechniques.com/menu/pages/facebook. 

tool.html (Reminder FB Graph Is Broken as of 8/2019) 

Graph Search 

http://socmint.tools/graph.htm 

Graph Search 

https://peoplefindthor.dk/ 

Graph Search 

https://oitoolbox.com.au/facebook-tool/ 

Graph Search 

https://searchisback.com/ 

Graph Search 

https://whooostedwhat.com/ 

Graph Search 

https://www.uk-osint.net/facebook.html 

Graph Search 

https://github.com/sowdust/searchbook 

Graph Discussion 

https://inteltechniques.com/blog/2019/08/02/ 

the-privacv-securitv-osint-show-episode-133/ 

Legal & Privacy 

https://www.facebook.com/safetv/groups/law/guide- 



Instagram 


User/Tag Search 


Reddit 


Don't Forget Google - site:reddit.com keyword 


User/Tag Search 


Hashtag Search 


https://www.vooving.com/search 


https://www.social-searcher.com/ 


https://tagboard.com/ 


Topic Search 


https://www.reddit.com/search?q=keyword 


Analyze Followers 


https://hypeauditor.com/ 


User Search 


https://www.reddit.com/user/username 


Location Search 


https://www.osintcombine.com/instagram-explorer 


Analytics 


https://pushshift.io/api-parameters/ 


Search 


https://mulpix.com/ 


Archives 


https://web.archive.org/web/*/https :// www. reddit.com/ 
user/username 


Media Capture 


https://downloadgram.com/ 


Inteltech- 

niques 


https://inteltechniques.com/menu/pages/communities.tool, 


Media Capture 


https://instasave.xvz/ 


html 



Downloader 


https://www.4 kdownload.com/products/prod- 

uct-stogram 


Profile Pic 


https://instadp.net/ 


https://www.ticktick.com 


Search 


Search 


Flow To IOS 


Flow To Android 


Downloader 


Video Caputre 


Legal Requests 


https://tiktokapi.ga/ 


https://www.osintcombine.com/tiktok-quick-search 


https://www.pageflows.com/post/ios/general-browsing/ 

tiktok 


https://www.wikihow.tech/Find-Friends-on-Tik-Tok-on- 

Android 


https://en.savefrom.net/download-from-tiktok 


https://airmore.com/watch-tik-tok-pc.html 


https://www.tiktok.com/en/law-enforcement 


Profile Pic 


http://izuum.com/ 


Stories 


https://storiesig.com/ 


Image Search 


https://imgwonders.com/ 


User/Hashtag 


http://picdeer.com/ 


User/Hashtag 


https://www.pictame.com/ 


Inteltechniques 


https://inteltechniques.com/menu/pages/instagram 

tool.html 
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Site Archives 

Capture/Collection Tools 

| Searching pre-existing archives or requesting a capture | 

Alfhouah not ooen-source. Hunch.lv remains mv ao-to :safetv-net & collec-l 

fion too. i| 

Wayback Ma¬ 
chine 

http://archive.org/web/ 

Hunch.ly 

https://hunch.lv/trv-it-now 

https://hunch.1v//guides 

Archive Today 

http://archive.fo/ 

Screen Capture 
Extension 

https://getfireshot.com/ 

How To - Belling- 
cat 

https://www.bellingcat.com/resources/how- 

tos/2018/02/22/archive-open-source-materials/ 

Snip & Sketch 

https://www.microsoft.com/en-us/p/snip-sketch/9mz- 

95kl8mrOI#activetab=pivot:overviewtab 

How To - Tech.co 

https://tech.co/news/tools-to-help-vou-search-the-ar- 

chived-internet-2018-06 

Mass Archive 
Script 

https://github.com/motherboardgithub/mass archive 

Annotation 

https://www.diigo.com/ 

OneNote Clip 

https://www.onenote.com/clipper 


Photo/Image Search 

Spiderfoot 

https://www.spiderfoot.net/ 



Reminder: we do not upload sensitive photos to the internet if 


Documentation Tools 




Search/Reverse 

https://images.google.com/ 

Hunch. ly's Report Builder Is Great To Build Off Of | 

Search/Reverse 

https://tineve.com 

OneNote 

https://www.onenote.com 

Search/Reverse 

https://www.bing.com/images/ 

Win Text Editor 

https://noteoad-olus-olus.org/ 

Reverse Russia 

https://www.vandex.com/images/ 

Mac Text Editor 

https://atom.io/ 

Reverse Asia 

http://images.baidu.com/ 

Backnote 

https://chrome.google.com/webstore/detail/backnote/ 

Search 

http://www.picsearch.com/ 

gcikdkpooobdlgkkimomdgochmclliek?hl=en-US 

Twitter Search 

http://twipho.net/ 

Paliscope 

https://www.paliscooe.com (Free Standard Ed for LE) 

Flickr 

https://www.flickr.com/map 

Zotero 

https://www.zotero.org/ 

Exit 

http://exif.regex.info/exif.cgi 

Private Notes 

https://app.standardnotes.org/ 

Edit Detection 

http://www.errorl 

, | 

Office Alternative 

https://www.libreoffice.org/ 

evelanalvsis.com/ 1 


Basic Forensics 

https://fotoforensics.com/ | 


OSINT Resource Lists 

Text Recog. 

https://www.newc 

■ 


Dcr.com/ 1 

| Collections curated by my favorite OSINT experts: I 

Stolen Check 

www.stolencamerafinder.com/ | 

OSINT.Team 

https://osint.team/home (OSINT rocket chat group) 

Video 

Ph055a 

https://github.eom/Ph055a/OSINT-Collec- 

tion#ph055as-osint-collection 

Extension 

https://www.downloadhelper.net/ 

Bellingcat Tool- 
Kit 

https://docs. google. com/document/d/lBfLPJpRtv- 

Youtube-DL 

https://github.com/vtdl-org/voutube-dl 

o4RFtHJoNovWQimGnvVkfE2HYolCKOGguA/edit 

Sprp77 

https://drive.google.com/drive/folders/lCBcemF- 

dorkAoJ-Sthsh67OVHgH4FQF05 

Extension 

https://addons.mozilla.org/en-US/firefox/addon/ 

video-down loader-profession/ 

Baywolf88 

https://www.learnallthethings.net/osint-resources 

Screen Capture 

https://www.techsmith.com/screen-capture.html 

Sector0355 

https://medium.com/(5)sector035 

Video Archives 

https://archiving.witness.org/archive-guide/ac- 

quire/acquiring-raw-video-and-metadata/ 

Justin Nordine 

https://osintframework.com/ 


https://start.me/p/7kxL6K/search-engines 

https://start.me/p/b56xX8/osint 

https://start.me/p/gvXexK/dating-apps-and-sites 

Document Search 

Start, me's: 

Technisette 

1 Google "keyword AND ext:pdf OR ext:docx OR ext:txt OR ext.xlsx" I 

Bruno Mortier 

Emmanuelle 

-Welch 

Travis Birch 

https://psbdmp.ws 

http://www.findpdfdoc.com/ 

https://start.me/p/kx72n5/databases 

http://crvptome.org 

https://www.base-search.net/ 

https://start.me/p/rxeRar/aml-toolbox 



https://start.me/p/ZME8nR/osint 

http://megasearch.co 

https://psbdmp.ws 

l\/lnr'iC /I z' 


Reuser 

http://arnoreuser.com/osint-repertorium/ 

|i 1 V II IO p 

Phonexicum 

https://phonexicum.github.io/infosec/osint.html#tools 

https://www.google.com/maps 

https://www.osintcombine.com/ 

social-geo-lens 

i-intelligence 

https://www.i-intelligence.eu/wp-content/up- 
loads/2018/06/OSINT Handbook June-2018 Final.odf 

https://www.mapillarv.com/ 

https://openstreetcam.org 

PI Links 

https://diligentiagroup.com/due-diligence/101-invesiiW 

https://ctrlq.org/maps/address/ 

https://livingatlas.arcgis.com/wav- 

back/ 



https://www.gpsies.com/track- 

List.do 

https://www.zillow.com/ 
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Real Name 


Email 


Don't Forget A Basic Google Search "user@domain.com" f 

Hunter.io 

https://hunter.io/ (make a free account) 

HIBP 

httDs://haveibeenowned.com/ (mav be oremium soon) 

Verify 

httos://tools.verifvemailaddress.io/ 

Verifalia 

httDs://verifalia.com/validate-email 


Mailtester 

httD://www.mailtester.com/testmail.Dho 

FindThatEmail 

htto://findthat. email/ 

AnyMailFinder 

httDs://anvmailfinder.com/ 

EmailMatcher 

httos://emailmatcher.com/ 

ProspectLinked 

httDs://orosDectlinked.com/#/home 

MetricSparrow 

httD://metricsoarrow.com/toolkit/email-Dermutator/ 

ThatsThem 

httDs://thatsthem.com/reverse-email-lookuo 

Spokeo 

httDs://www.sookeo.com/email-search 

PsbDmp 

httos://osbdmD.ws/ 

FlackedEmails 

httos://hacked-emails.com/ 

OCCRP 

https://data.occrp.org/search?q=gmail.com 

Dehashed 

httos://dehashed.com/ 

Flashes.org 

httos://hashes.org/leaks.Dho 

Gravatar 

https://en.gravatar.eom/site/check/lorangb@gmail.com 

ReverseGenie 

http://www.reversegenie.com/searching=email 

ManyContacts 

https://www.manvcontacts.com/en/mail-check 

ComLullar 

http://com.lullar.com/ 

Inteltechniques 

https://inteltechniaues.com/osint/menu.email.html 


Basic Guide 

https://www.blurbiz.io/blog/the-most-complete- 

guide-to-finding-anvones-email 


OSINT Flow Charts: https://www.dfir.trainina/osint 


"People" search engines 

TruePeopleSch 

https://www.truepeoplesearch.com/ 

Spokeo 

https://www.spokeo.com/ 

| Thatsthem 

https://thatsthem.com/ 

Adv Background 

https://www.advancedbackgroundchecks.com/ 

Nuwber 

https://nuwber.com/ 

FamTreeNow 

https://www.familvtreenow.com/ 

PeopelByNm 

http://www.peoplebvname.com/ 

UFind 

http://ufind.name/... 

PublicRcrds 

https://publicrecords.directory/ 

GoLookup 

https://golookup.com/ 

PMR 

http://publicemailrecords.com/name listings 

Radaris 

https://radaris.com/ 

Cubib 

https://cubib.com/ 

ComLullar 

http://com.lullar.com/ 

Yasni 

http://www.vasni.com/ 

TabSearch 

https://www.zabasearch.com/ 

Spytox 

https://www.spvtox.com/ 

Intelius 

https://www.intelius.com/ 

Zoom Info 

https://www.zoominfo.com/ 

Whoodle 

https://www.whoodle.com/ 

PeekYou 

https://peekvou.com/ 

Webmil 

http://webmii.com/ 

CvGadget 

https://cvgadget.com/ 

Classmates 

https://www.classmates.com/ 

192 (UK) 

https://www.192.com/ 

Inteltechniques 

https://inteltechniaues.com/menu/pages/person.tool. 

html 


User Names 


Classifieds 


Knowem 

https://knowem.com/checksocialnames.pho?u= 

NameChk 

https://namechk.com/ 

NameCheckr 

https://www.namecheckr.com/ 

NameVine 

https://namevine.com/ 

UserSearch 

https://usersearch.org/ 

UserSherlock 

http://usersherlock.com/ 

Profilr 

https://www.profilr.social/search/ 

Tinder 

https://www.gotinder.eom/@user 

Amazon 

https://www.google.com/search?a=site%3Aamazon. 

com+%22name%22 

SocialCatfish 

https://socialcatfish.com/reverse-username-search/ 

WhatsMyName 

https://github.com/webbreacher/whatsmvname 

Sherlock 

https://github.com/sherlock-proiect/sherlock 

Inteltechniques 

https://inteltechniaues.com/menu/index.html 


Ebay 

https://www.ebav.com/ 

Fatfingers 

http://fatfingers.com/default.aspx 

Flippity 

http://www.flippitv.com/ 

Kijiji 

https://www.kiiiii.ca/ 

SearchAIIJunk 

http://www.searchalliunk.com/ 

SearchTempest 

https://www.searchtempest.com/ 

NotiCraig 

https://noticraig.com/ 

Oodle 

https://www.oodle.com/local/burien-wa/ 

Offerup 

https://offerup.com/ 

Craigslist 

https://craigslist.org 

Inteltechniques 

https://inteltechniaues.com/menu/pages/communities. 

Iinks.html 
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Domains/IPs 


Phone Numbers 


For phone #s consider gov/paid options (OSINT is limited) 


Zaba 

https://www.zabasearch.com/reverse-phone-lookup/ 

Censys 

https://censvs.io 

USPhoneBook 

https://www.usphonebook.com/ 

InteIX 

https://intelx.io 

TruePeopleSearch 

https://www.truepeoplesearch.eom/# 

Domaintools 

https://www.domaintools.com/ 

Whitepages+ 

https://whitepages.plus/ 

CentralOps 

https://centralops.net/co/ 

ThatsThem 

httDs://thatsthem.com/ 

Whoxy 

https://www.whoxv.com/ 

TrueCaller 

httDs://www.truecaller.com/ 

IP Location 

https://www.iplocation.net/ 

Whitepages 

https://www.whitepages.com/reverse-phone 1 Reverse 

DNSLytics 

https://dnslvtics.com/reverse-ip 

Phone Lookup 

411 

https://www.411.com/reverse-phone 

Randhome 

https://www.randhome.io/blog/2018/02/23/harpoon- 

an-osint-/-threat-intelligence-tool/ 

CellRevealer 

httDs://www.cellrevealer.com/ 

CrimeFlare 

http://crimeflare.org:82/ 

FoneFinder 

http://www.fonefinder.net/ 

Spyonweb 

http://spvonweb.com/ 

WhoCalld 

https://whocalld.com/ 

Pub-DB 

http://pub-db.com/ 

SpyDialer 

httDs://www.sovdialer.com/ 

Whoisology 

https://whoisologv.com/ 

Searchbug 

https://www.searchbug.com/tools/ 

Visualping 

https://visualping.io/ 

NumberGuru 

https://www.numberguru.com/phone/ 

WatchThatPage 

http://watchthatpage.com/ 

ReverseGenie 

httD://www.reversegenie.com/ 

PentestTools 

https://pentest-tools.com/information-gathering/ 

find-subdomains-of-domain# 

YellowPages 

https://people.vellowpages.com/whitepages/?re=SP 

people search 

SharedCount 

https://www.sharedcount.com/ 

Spokeo 

https://www.spokeo.com/reverse-phone-lookup 

SmallSEO 

https://smallseotools.com/backlink-checker/ 

PhoneValidator 

https://www.phonevalidator.com/index.aspx 

SimilarWeb 

https://www.similarweb.com/ 

CallerlDTest 

https://www.calleridtest.com/ 

Alexa 

https://www.alexa.com/siteinfo/inteltechniques.com 

IMEI 

https://www.imei.info/ 

Hunter.io 

https://hunter.io/ 

1M El 24 

https://imei24.com/phone base/ 

ViewDNS 

https://viewdns.info/ 

Sync 

https://svnc.me/ 

Robtex 

https://www. robtex. com/?= 

Infobel 

https://www.infobel.com/ 

Majestic 

https://maiestic.com/ 

DialingCode 

http://www.dialingcode.com/ 

D-Me 

http://d-me.info/ 

OpenCnam 

https://www.opencnam.com/ 

N etc raft 

https://www.netcraft.com/ 

TeleFoonGids 

https://telefoongids.2link.be/ 

DomainBigData 

https://domainbigdata.com/ 

Service Objects 

https://www.serviceobiects.com/developers/lookups/ 

Inteltechniques 

https://inteltechniques.com/osint/domain.search.html 

geophone-plus 

WTNG 

http://www.wtng.info/index.html 


Inteltechniques 

https://inteltechniaues.com/blog/2018/04/24/search- 

SeanLawson 

https://www.seanlawson.net/2019/02/use-chrome- 

developer-tools-view-masked-phone-numbers-for-free- 

ing-subdomains-with-findsubdomains-com/ 

IP6Locator 

http://ipv6locator.net/ 

people-search/ 

NAN PA 

https://www.nationalnanpa.com/enas/coCodeRepor- 

ViewDNS 

https://viewdns.info/ 

tUnsecured.do?reportTvoe=7 

Maxmind 

https://www.maxmind.com/en/home 

Inteltechniques 

https://inteltechniaues.com/osint/menu.phone.html 


https://www.ip2location.com/demo/ 


IP2Location 

3 Vehicles j 

IPFingerprints 

https://www.ipfingerprints.com/ 

CarOwners 

https://carsowners.net 

ThatsThem 

https://thatsthem.com/reverse-ip-lookup 

NICB 

https://www.nicb.org/vincheck 

Netbootcamp 

https://netbootcamp.org/websitetool.html 

OReilly 

https://www.oreillvauto.com/ 

Shodan 

https://www.shodan.io/ 

Carvana 

https://www.carvana.com/ 

Inteltechniques 

https://inteltechniques.eom/menu/pages/ip.tool.html# 

CheckThatVIN 

https://checkthatvin.eom/ctv#/home 

CarFax 

https://www.carfax.com/processQuickVin.cfx 



VehicleHistory 

https://www.vehiclehistorv.com/license-plate-search 
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Business 8c Organizations 


Linkedln 


Misc. Tools 8c Tricks 


Gaming 


! Google: resume AND "real name" 

OpenCorp 

https://opencorporates.com/ 

Rocketreach 

https://rocketreach.co/ 

OCCRP 

https://data.occrp.org/ 

CorpWiki 

https://www.corporationwiki.com/ 

Recruitin 

https://recruitin.net/ 

Indeed 

https://www.indeed.com/ 

MarketVisual 

http://marketvisual.com/ 

AihitData 

https://www.aihitdata.com/ 

Glassdoor 

https://www.glassdoor.com/Reviews/index.htm 

LittleSis 

https://littlesis.org/ 

OpenSanctions 

https://www.opensanctions.org/ 

CEOEmail 

https://ceoemail.com/ 

Enigma 

https://public.enigma.com/browse/collection/ 

corp-watch-companv-subsidiaries/ 

Angel 

https://angel.co/ 

RipoffReport 

https://www.ripoffreport.com/ 

Sector035's 

Guide 

https://medium.com/(3sector035/gathering-companv-in- 

tel-the-agile-way-6dbl2ca031c9 


Legal requests: https://www.search.org/resources/isp-list/ 


Discord Search 

https://www.discordportal.com/ 

Discord Search 

https://discordservers.com/ 

Discord Search 

https://discord.center/ 

Discord Search 

https://disboard.org/ 

Discord Search 

https://discord.me/ 

Discord Search 

https://support.discordapp.com/hc/en-us/arti- 

cles/115000468588-Using-Search 

Discord Capture 

https://dht.chvlex.com/ 1 Discord History Tracker 

Twitch 

https://www.twitchtools.com/ 

Fortnite 

https://fortnitetracker.com/profile/search?q= 

PSN 

https://psnprofiles.com/search/ 

Mixer 

https://www.lifewire.com/what-is-mixer-4156866 

Steam 

https://steamrep.com/ or https://steamid.uk/ 




I sitedinkedin.com inurkpub -inurkdir "at Microsoft" "Current" 

1 sitedinkedin.com "Real Name" 

User Query 

HTTPSV/GITLAB.COM/INITSTRING/UNKEDINZUSERNAME 

Email Query 

https://github.com/prvOcc/GoogLinked 

Breach Data 

https://archive.org/details/LIUsers.7z 

Inteltechniques 

https://inteltechniques.com/menu/pages/linkedin. 

TOOL.HTML 


Virtual Machines 


Follow written steps verbatim when installing VMs 


1 Efficiency and Organizational Tools That 1 Use | 

Better Windows 

File Search 

https://www.voidtools.com/ 

Synced Notes 

https://www.onenote.com 

Encrypted Corns 

https://signal.org/ 

Encrypted Corns 

https://wire.com/en/ 

Encrypted Email 

https://protonmail.com/ (use the free tier for burner/ 
seed accounts) 

Hotkey Panel 

https://www.elgato.com/en/gaming/stream-deck 

NAS/Local Cloud 

https://www.svnologv.com/en-us 

Screen Capture 

https://www.techsmith.com/store/snagit 

Screen Capture 

https://getfireshot.com/buv.php (pro supports multi- 

page pdf) 

Paper Notebooks 

https://www.costco.com/Moleskine-Cahier- 6 -Pack-Extra- 

Large-Notebooks.product.l00300742.html 

Vera crypt 

https://www.voutube.com/watch?v=cxo 8 xosH Tl Vera- 

crypt containers are ideal for archiving cases or placing 
them on flash media for delivery to clients. 

Tech Issues 

https://stackoverflow.com/ Aside from Googling vour 
tech issues, stackoverflow has discussion on just about 
any desktop or software issue. 


Buscador 


Virtualbox 


VBox 

Extensions 


Kali Linux 


Tails 


Update Linux 


Update You- 
tube-DL 


Common Error 


Host Key 


Vbox Scale 
Issues 


3rd Party Over¬ 
view 


https://inteltechnigues.com/buscador/ 


https://www.virtualbox.org/wiki/Downloads 


https://download.virtualbox. 0 rg/virtualbox/ 6 .O.lO/Oracle 

VM VirtualBox Extension Pack- 6 .0.lO.vbox-extpack 


https://www.kali.org/downloads/ 


https://tails.boum.org/ 


apt-get update && apt-get upgrade 


sudo -H pip install --upgrade youtube-dl 


Make sure virtualization is enabled in BIOS settings 


Win - Right Control Key Mac - Left Command Key 


host + f, to switch to full screen mode, if not yet, 
host + c, to switch to/out of scaled mode, 
host + f, to switch back normal size, if need 


https://www.voutube.com/watch?v=7Y fKC5EN10 


Speed Tricks 

Saving a few seconds here and there adds up over time | 

Context Search 

https://github.com/ssborbis/ContextSearch-web-ext 

Add As Search 
Engine 

https://www.wired.com/2014/07/tip-week-chrome-site- 

search/ 

Default to Last 

Year 

https://thepracticalsvsadmin.com/defaulting-google- 

search-results-to-the-past-vear/ 

Keyboard 

Shortcuts 

https://www.auinnssmtbrand.com/windows-kev- 

board-shortcut/ 
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Common Missteps 


More OSINT Resources 


Methodology is more important that tools or techniques because 
those things change. Invest in defining strong process. 


Failure to use non-OSINT approaches and strategies ie: social 
engineering (consider a friendly phone call) 


Are you signed into a live session for the platform you are query¬ 
ing? ie: make sure you are signed into FB in another tab 


Including a space at the end when pasting a account ID or other 
keyword into a query form field. 


Do you have script blockers that might be preventing data from 
loading on a page? (ie:privacy badger, ublock, ghostery) 


Location. Your search results are being scewed by yoru perceived 
location, consider using VPN to "relocate". 


Start looking at page source to see what is going on behind the 
scenes. If you only look at the gui, you are missing alot. 


Tenacity wins the day. Most answers are not going to fall into 
your lap. Patience and persistence above all else. 


https://docs.google.com/document/d/lBfLPJpRtva4RFtHJoNpvWQim- 

GnvVkfE2HYolCKQGguA/ (Bellingcat Toolkit) 


https://github.com/Ph055a/QSINT-Collection (OSINT.Team Collection) 


https://www.i-intelligence.eu/wp-content/uploads/2018/06/QSINT 

Handbook June-2018 Final.pdf (1-Intelligence Collection) 


https://www.osinttechniques.com/osint-tools.html 


https://medium.com/ (5)sector035 (@sector035) 


https://www.learnallthethings.net/creepyosint (@baywolf88) 


https://osintcurio.us/10-minute-tips/ 


https://atlas.mindmup.com/digintel/digital intelligence training/index. 

html 


Operational Security - Browsers Operational Security - Windows 


Browser, Session, and Site Tests 


Device Fingerpint 

https://panopticlick.eff.org/ 

Browser Fingerpint 

https://amiuniaue.org/fp 

Browser Fingerpint 

https://www.deviceinfo.me/ 

Browser Fingerpint 

https://browseraudit.com 

Browser Fingerpint 

https://browserleaks.com/ 

Browser Fingerpint 

https://pixelprivacv.com/resources/browser-fin- 

gerprinting/ 

Browser Fingerpint 

https://detectmvbrowser.com/ 

IP Leaks 

https://ipleak.net 

DNS Leaks 

https://www.dnsleaktest.com/ 

Email Leaks 

https://www.emailprivacvtester.com 



Site Privacy Test 

https://webbkoll.dataskvdd.net/en/ 

Privacy Resources 

https://inteltechniaues.com/links.html 



Recommended Tools For Windows Security 


Create Non-Priv- 
ledged User 

https://support.microsoft.com/en-us/help/4026923/win- 

dows-10-create-a-local-user-or-administrator-account 


Anti-Virus 

https://www.microsoft.com/en-us/windows/comprehen- 

sive-securitv 

Anti-Malware 

https://www.malwarebvtes.com/mwb-download/ 


Anti-Spyware 

https://www.safer-networking.org/ 

Windows Privacy 

https://ssd.eff.org/en/module/how-delete-vour-data-se- 

curelv-windows 

WinlO Privacy 

https://www.thewindowsclub.com/privatewinlO-ad- 

vanced-windows-10-privacv-tool 

WinlO Privacy 

https://fdossena.com/?p=wlOdebotnet/index 1903.frag 


Check Your Micro- 

Soft Data 

https://account.microsoft.com/account/privacv 


Network Activity 

https://www.glasswire.com/ 

Password Manager 

https://keepassxc.org/ 

Cleaner 

https://www.bleachbit.org/download/windows 


Cleaning Manually 

https://www.makeuseof.com/tag/best-wav-clean-win- 

dows-10-step-steo-guide/ 













































































































OSINT METHODOLOGY 101 


BUILDING AN EFFICIENT, REPEATABLE, AND ARTICULABLE PROCESS 


Basic Investigative Steps 

Working up your first case with your new tools and techniques 

1. Set up your note-taking and data collection to track your work - paper notebook, One-Note, Hunch.ly, direc 
tory on encrypted flash drive, etc. 

2. List your investigative goals - full profile, locate for apprehension, identify associates, collect digital evi 
dence, etc. (are you collecting intel or evidence for court?) 

3. List your seed info - emails, phone numbers, names, etc. 

4. Run all of your paid and/or gov queries and use those to add to your seed information. If possible get a 
hold of a booking or DOL photo for comparison while researching social media. 

5. Run Accurint (Lexis-Nexis), TLO, or Clear reports. 

6. Fire up firefox/chrome with your plugins of choice - noscript, https everywhere, ghostery, fireshot, one-tab 
(or use browsers in Buscador VM) 

7. If it's a serious investigation I turn on hunch.ly and enter my "selectors" (keywords from seed info) 

8. I do a quick Google search and check my people finder site of choice for that week. ["James Mclntire" 
"Denver"] and then this week truepeoplesearch.com These are just quick for low hanging fruit. 

9. Go to https://inteltechniques.com/menu.html (or your OSINT toolset of choice ie: osintframework.com) 
and use the tabs on the left hand side to select the categories that match your seed info. My typical order 
email, real name, search engines, Facebook, twitter and then the rest depending on what you have to go 

on. 

10. I exhaust inteltechniques.com tools closing any tabs that return false positives or no useful results. Any 
page that is important I note any identifiers (account IDs, user names, etc) on my notepad and fireshot a 

pdf of the page. That pdf is saved in the case directory. On a case with multiple targets create subfolders 
for each person of interest. 

11. Either periodically or when I'm done with my research I copy/paste or manually enter any pertinent info 
into a profile or case report in either word or one-note. I embed any pertinent screen captures, pdfs such 

as lexis-nexis reports, and good photos of the targets, any vehicles and addresses. 

12. I go over that report with the case detective or agent to explain my investigation and see if they have any 
questions or want any additional info. 

13. My rough notes, workbooks, hunch.ly files, and/or cloned VMs (if I used buscador) are usually saved in 

case I need them for court. The exceptions are things like intel gathering for operations, events, threat assess 

ments, etc. A hunch.ly export might be burned to disc as evidence but be cautious of any unintend ed 

data that might have been unintentionally saved during that session. The VM backup should not go into 
evidence as it would divulge trade-craft. Treat it as an undercover laptop that you can refer to, but avoid 
exposing it unless you are forced to (work with your prosecutor to fight this). If you don't need that VM for 
court, do not keep it (hording data comes with custodial responsibilities and potential liabilities). 

14. I make sure I have a fresh VM for the next case or crisis that comes up. I also make new accounts to have 
in pocket if any of my research accounts were burned. Better to prepare for the next case at the end of the 
previous and be ready to go at a moments notice 

15. Wash, rinse, repeat. Track successes to justify more equipment, staffing, and training. 

Note: My standard setup is an off-grid windows pc, on a UC cable modem or mifi (VPN as appropriate). 

For quick checks such as events, threats, etc. I stay in windows and just use chrome/Firefox and the links on 
inteltechniques.com. This is for convenience and speed with less fuss when there's less of a need for com 
partmentalization, security, and/or anonymity. For investigations I typically use Buscador with Hunch.ly 
installed, and all fresh research account. Quick utility vs. backstopped single purpose - use the right tool for 
each mission. 
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ACCOUNT CREATION 101 


BUILDING AN EFFICIENT, REPEATABLE, AND ARTICULABLE PROCESS 


Building Reliable Research Accounts 

This is a list of recommended steps for creating investigative/research social media accounts. These are largely based on 
feedback from our community and their experiences with having their accounts locked or suspended. Where applicable 
steps are in order of preference in regards to successfully avoiding security challenges. 

Equipment Setup - It may seem simple, but the equipment and connection you are on matters. 

1. Avoid VPNs during account creation, most of their IP ranges are flagged 

2. Mifi's or dynamic IP devices work quite well for account creation 

3. Public networks (Starbucks Wi-Fi) but be aware that you are being exposed and cross-correlated with other 
users on that network 

4. Phone #- A real non-VOIP phone number will save you a lot of hassle, we recommend a $5 Mint sim card kit 
paired with an unlocked smart phone (mintmobile.com) 

5. Online Footprint - "Google" your name and employer. Print the first two pages of results and include this in 
your binder as the "low hanging fruit" of personal data. 

Covert Accounts 

1. We usually make FB, IG, and Twitter at once and tie them in as one covert profile. Each adds depth and verac 
ity to the others (intentional cross correlation). 

2. Keep notes on your covert details either in a paper notebook or a digital format like a password manager or 
spread sheet, having your security requirements in mind. 

3. If it is a sensitive or deep infiltration case make sure to compartmentalize this profile from the get-go (connec 
tion, browser, device (use VM to isolate), etc.) 

4. Connection: 

a. no VPN during account creation, most VPN IP blocks are flagged 

b. Cellular data connections (MiFi's) are good - dynamic/shared IPs 

c. Another technique is to get a free tier AWS EC2 or Digital Ocean VM and use it to make the account 

as then you will have an AWS IP, this is more advanced but works pretty well if you are comfortable with 
VMs and learning to navigate AWS. Some groups even run full investigative VMs on AWS, but again this 
is a more advanced setup that takes some work to sort out. 

d. Another advanced technique is to roll your own VPN thru AWS as the providers tend not to flag AWS 
https://github.com/StreisandEffect/streisand 

5. Email Address: 

a. no Gmail, Hotmail, yahoo, or other top free mail (Gmx is an exception for now) 

b. Private domains work best, grab a Namecheap or GoDaddy domain and webmail for cheap and make a 
bunch of account with them 

c. Gmx.us accounts seem to work ok (for now) and require no existing email or contact info 

d. Sudomail and Protonmail addresses work ok, not as good as a private domain though 

6. Phone #: 

a. You might get lucky and not get the phone number requirement, but also sometimes it won't require it 
at first but then a couple hours or days in it will throw it at you as a security requirement 

b. No VOIP - most number blocks are flagged 

c. Mint test kits and an unlocked phone are a cheap way to get 7 days on a real number 

1. Make sure you have Mint coverage in your area 

2. https://www.amazon.com/Mint-Mobile-Starter-Verify-Compatibility/dp/B0786RD524 ($5 for 
two sims) 

3. You might then port the number over to google voice 

4. Some groups buy these in bulk 

d. You can also use an extra # on a real account (i.e.: Verizon) and then port it over to google voice and 
then draw a new # for that Verizon account 

e. Some people will also use hotel phones and the like when traveling to roll accounts, but that is kind of 
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ACCOUNT CREATION (cont.) 


BUILDING AN EFFICIENT, REPEATABLE, AND ARTICULABLE PROCESS 


7. Once we get into our new account, we do not leave it fallow, start making it feel real right away 

8. Choose a name that is generic, but not too generic 

a. i.e.: Nicky Robinson, Hunter Reynolds, etc. 

b. http://howmanyofme.com/ 

9. Name, gender, city, employer (school) should make sense, remember a real person at FB will likely look at 
your profile if it is reported as suspicious, we want to pass the smell test 

10. Profile/cover photo 

a. We don't ever purport to be a specific individual without consent (i.e.: no identity theft) 

b. Pikwizard.com - Good source for free for anything licensed photos 

c. Pixabay.com is also decent 

d. Avatar makers are another option https://mashable.eom/2007/09/12/avatars/#mn3PhlPwgZqi 

e. fiverr.com - You can buy profile photos for cheap or anything else really...avoid buying bulk accounts, 
they are often locked, scams, or stolen 

f. I also like taking a pic from images.bing.com of a large crowd (road race, sporting event, concert), use 
the snip tool to crop it, and then post the still large group shot, it's unclear who we are in the group 

and yet it's the kind of content people post for profiles or banners because the internet is all about 
bragging 

g. Get creative - general rule is snip, crop, filter, logical pic choice 

1. Time to flesh out our profile by making some friends 

a. Join Groups - anything that has large groups that accept anyone 

b. Nerdy groups and pop culture are my favs: video games, cosplay (cause then costumed profiles make 

sense), etc. 

c. If you are doing a deep infiltration you may have to research your targets groups, don't join her/his 
groups directly, join similar and work your way in slowly after you have some history 

d. Do some liking and commenting in groups for a day or two 

e. then https://www.facebook.com/find-friends/browser/ and let FB recommend friends. We never cold 
call friends anymore, we let FB tell who it's already cross correlated with our profile. This reduces 
chances of getting flagged significantly. 

2. Posts: August 1st Facebook cut off all 3rd part app access except for messenger or FB pages. We formerly 
used IFTTT and WordPress to auto-post but they are broken for now. IFTTT still works for twitter. 

3. Avoid political chat and comments. Politics and social issues are high on the radar of the FB watchdogs due 
to the fake news and voter tampering concerns. 

4. Keep track of covert accounts in a spread sheet or better yet a password manager. 

5. Sim jacking Twitter accounts is very popular so use long passphrases even on your sock accounts and consid 
er 2-factor if they are mature or otherwise valuable accounts 

6. Know your agencies policies around things like friending and any levels of approval or documentation req¬ 
uired 

7. ...and of course, we always use our powers for good so we always assume that our investigation will eventu 
ally see the light of day so make sure you are proud of how your activity will look in retrospect by an objective 

3rd party in regard to reasonable and responsible 


Note: This is purely anecdotal, but in addition to "getting into character" and making our accounts feel real, I suspect 
that there may be some value to occasionally clicking on ads and other content that the platform is pushing at you. This 
is not a privacy/security best practice, but there are detection algorithms that may favor revenue positive accounts. 
Again, this is just a theory. 
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REPORTING 


SAMPLE COVER/FACE SHEET 


LOGO HERE 


Company/Org Name 
Section or Analyst Name 


Open Source Investigative Profile 


Summary of Findings 


Subject ID 


Name: 

Address: 

Employer: 

Vehicles: 


DOB: 
Phone #1: 
Phone #2: 
SS#: 

Relatives: 


Alternate Identities and Associations 


Email #1: 
Email #3: 
User Name: 
Facebook: 
Twitter: 
Instagram: 


Email #2: 
Email #4: 
UN #2 
FB# 
TW#: 
IG#: 


Photos/Video 


Description Source 


□ Photos 

□Video 



















Attachments 


□ Excel Profile Report 

□ Data Source DVD 

□ Photographs 

□ Hunch.ly Archive 


□ Link Analysis Report 

□ Comprehensive TLO, Clear, Accurint Report 

□ DOL/GOV Checks 

□ Other:_ 
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SHORTCUTS & HOT-KEYS 


COMPLETING 1,000 SMALL TASKS A LITTLE FASTER 



Windows Shortcut Keys 

Shortcuts for Mac 

Windows Key + R: Opens the Run menu. 

Command + X: Cut selected text and copy it. 

Windows Key + E: Opens Explorer. 

Command + C: Copy selected text. 

Alt + Tab: Switch between open programs. 

Command + V: Paste copied text. 

Windows Key + Up Arrow: Maximize current window. 

Command + Z: Undo previous command. 

Ctrl + Shift + Esc: Open Task Manager. 

Command + A: Select all items. 

Windows Key + Break: Opens system properties. 

Command + F: Open Find window to search text. 

Windows Key + F: Opens search for files and folders. 

Command + H: Hide windows of the front app. 

Windows Key + D: Hide/display the desktop. 

Command + N: Open a new document or window. 

Alt + Esc: Switch between programs in order they were opened. 

Command + O: Open a selected item. 

Alt + Letter: Select menu item by underlined letter. 

Command + P: Print current document. 

Ctrl + Esc: Open Start menu. 

Command + S: Save current document. 

Ctrl + F4: Close active document (does not work with some applications). 

Command + W: Close front window. 

Alt + F4: Quit active application or close current window. 

Command + Q: Quit the app. 

Alt + Spacebar: Open menu for active program. 

Command + M: Minimize the front window to the Dock. 

Ctrl + Left or Right Arrow: Move cursor forward or back one word. 

Command + Spacebar: Open Spotlight search field. 

Ctrl + Up or Down Arrow: Move cursor forward or back one paragraph. 

Command + Tab: Switch between open apps. 

FI: Open Help menu for active application. 

Command + B: Bold selected text. 

Windows Key + M: Minimize all windows. 

Command + I: Italicize selected text. 

Shift + Windows Key + M: Restore windows that were minimized with 
previous keystroke. 

Command + U: Underline selected text. 

Windows + FI: Open Windows Help and Support. 

Command + Semicolon (;): Find misspelled words in document. 

Windows + Tab: Open Task view. 

Option + Command + Esc: Choose an app to force quit. 

Windows + Break: Open the System Properties dialog box. 

Shift + Command + Tilde (~): Switch between open windows. 

Hold Right SHIFT key for eight seconds: Switch FilterKeys on and off. 

Shift + Command + 3: Take a screenshot. 

Left Alt + Left Shift + Print Screen: Switch High Contrast on and off. 

Fn + Up Arrow: Scroll up one page. 

Left Alt + Left Shift + Num Lock: Switch Mouse keys on and off. 

Fn + Down Arrow: Scroll down one page. 

Press Shift five times: Switch Sticky keys on and off. 

Fn + Left Arrow: Scroll to beginning of document. 

Hold Num Lock for five seconds: Switch Toggle keys on and off. 

Fn + Right Arrow: Scroll to end of document. 

Ctrl+Tab Switch Between Program Groups 


F11 Maximize Window 

Finder Shortcuts 

Ctrl+A Select Text (Expanded with Windows 10) 

Shift + Command + F: Open All My Files window. 

Ctrl+C Copy Text 

Shift + Command + K: Open Network window. 

Ctrl+V Paste Text 

Option + Command + L: Open Downloads folder. 

Win+R, then type ‘cmd’ Command Prompt 

Shift + Command + O: Open documents folder. 

Tab Autocomplete Folder or File Name 

Shift + Command + U: Open Utilities folder. 

Alt-Tab Switch Between Open Applications 

Option + Command + D: Show or hide the Dock. 

Windows logo key + Tab Task View 

Shift + Command + N: Create a new folder. 

Windows logo key + X Shutdown Your Workstation 

Command + Delete: Move selected item to the Trash. 

Windows logo key + L Lock Your Workstation 

Shift + Command + Delete: Empty Trash. 


*www.quinnssmtbrand.com/windows-keyboard-shortcut/ 


INTELTECHNIQUESijBk 

















































SHORTCUTS & HOT-KEYS 


COMPLETING 1,000 SMALL TASKS A LITTLE FASTER 


Chrome 




Shortcut Keys 

Description 

Alt+Home 

Open your homepage. 

Alt+Left Arrow 

Back a page. 

Alt+Right Arrow 

Forward a page. 

Fll 

Display the current website in full-screen mode. Pressing Fll again will exit this mode. 

Esc 

Stop loading the page or a download from loading. 

Ctrl+(- or +) 

Zoom in or out of a page,will zoom out and "+" will zoom in on the page. 

Ctrl+1-8 

Pressing Ctrl and any number 1 through 8 moves to the corresponding tab in your tab bar. 

Ctrl+9 

Switch to last tab. 

Ctrl+0 

Reset browser zoom to default. 

Ctrl+Enter 

This combination is used to quickly complete an address. For example, type "computerhope" in the 
address bar and press Ctrl+Enter to get https://www.computerhope.com. 

Ctrl+Shift+Del 

Open the Clear browsing data window to quickly clear private data. 

Ctrl+Shift+B 

Toggle the bookmarks bar between hidden and shown. 

Ctrl+A 

Select everything on a page. 

Ctrl+D 

Add a bookmark for the page currently opened. 

Ctrl+F 

Open the "find" bar to search text on the current page. 

Ctrl+O 

Open a file in the browser. 

Ctrl+Shift+O 

Open the Bookmark manager. 

Ctrl+H 

Open browser history in a new tab. 

Ctrl+J 

Display the downloads window. 

Ctrl+K or Ctrl+E 

Moves your text cursor to the omnibox so that you can begin typing your search query and per¬ 
form a Google search. 

Ctrl+L 

Move the cursor to the browser address bar and highlight everything in it. 

Ctrl+N 

Open New browser window. 

Ctrl+Shift+N 

Open a new window in incognito (private) mode. 

Ctrl+P 

Print current page or frame. 

Ctrl+R or F5 

Refresh the current page or frame. 

Ctrl+S 

Opens the Save As window to save the current page. 

Ctrl+T 

Opens a new tab. 

Ctrl+U 

View a web page's source code. 

Ctrl+W 

Closes the currently selected tab. 

Ctrl+Shift+W 

Closes the currently selected window. 

Ctrl+Shift+T 

This combination reopens the last tab you've closed. If you've closed multiple tabs, you can press 
this shortcut key multiple times to restore each of the closed tabs. 

Ctrl+Tab 

Moves through each of the open tabs going to the right. 

Ctrl+Shift+Tab 

Moves through each of the open tabs going to the left. 

Ctrl+Left-click 

Open a link in a new tab in the background. 

Ctrl+Shift Left-click 

Open a link in a new tab and switch to the new tab. 

Ctrl+Page Down 

Open the browser tab to the right. 

Ctrl+Page Up 

Open the browser tab to the left. 

Spacebar 

Moves down a page at a time. 

Shift+Spacebar 

Moves up a page at a time. 

Home 

Go to top of page. 

End 

Go to bottom of page. 

Alt+Down Arrow 

Display all previous text entered in a text box and available options on a drop-down menu. 






^Shortcut List Source: www.computerhope.com 
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SHORTCUTS & HOT-KEYS 


COMPLETING 1,000 SMALL TASKS A LITTLE FASTER 


Fi refox 




Shortcut Keys 

Description 

F5 

Refresh current page, frame, or tab. 

Fll 

Display the current website in fullscreen mode. Pressing Fll again will exit this mode. 

Esc 

Stop page or download from loading. 

Spacebar 

Moves down a page at a time. 

Alt+Home 

Open your homepage. 

Alt+Down arrow 

Display all previous text entered in a text box and available options on drop-down menu. 

Alt+Left Arrow 

Back a page. 

Alt+Right Arrow 

Forward a page. 

Ctrl+(- or +) 

Increase or decrease the font size, pressing will decrease and'+' will increase. Ctrl+0 will reset 
back to default. 

Ctrl+D 

Add a bookmark for the page currently opened. 

Ctrl+F 

Access the Find option, to search for any text on the currently open web page. 

Ctrl+H 

View browsing history. 

Ctrl+I 

Display available bookmarks. 

Ctrl+J 

Display the download window. 

Ctrl+K or Ctrl+E 

Move the cursor to the search box. 

Ctrl+L 

Move cursor to address box. 

Ctrl+N 

Open New browser window. 

Ctrl+O 

Access the Open File window to open a file in Firefox. 

Ctrl+P 

Print current page or frame. 

Ctrl+T 

Opens a new tab. 

Ctrl+U 

View a web page's source code. 

Ctrl+F4 or Ctrl+W 

Closes the currently selected tab. 

Ctrl+F5 

Refresh the page, ignoring the Internet cache (force full refresh). 

Ctrl+Enter 

Quickly complete an address. 

Ctrl+Tab 

Moves through each of the open tabs. 

Ctrl+Shift+Del 

Open the Clear Data window to quickly clear private data. 

Ctrl+Shift+B 

Open the Bookmarks window, to view all bookmarks in Firefox. 

Ctrl+Shift+J 

Open the Browser Console to troubleshoot an unresponsive script error. 

Ctrl+Shift+P 

Open a new Private Browsing window. 

Ctrl+Shift+T 

Undo the close of a window. 

Ctrl+Shift+W 

Close the Firefox browser window. 

Shift+Spacebar 

Moves up a page at a time. 

Ctrl+Shift+Tab 

Moves through each of the open tabs going to the left. 

Ctrl+Left-click 

Open a link in a new tab in the background. 

Ctrl+Shift Left-click 

Open a link in a new tab and switch to the new tab. 

Ctrl+Page Down 

Open the browser tab to the right. 

Ctrl+Page Up 

Open the browser tab to the left. 

Spacebar 

Moves down a page at a time. 

Shift+Spacebar 

Moves up a page at a time. 

Home 

Go to top of page. 

End 

Go to bottom of page. 

Alt+Down Arrow 

Display all previous text entered in a text box and available options on a drop-down menu. 










^Shortcut List Source: www.computerhoue^ 
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BUSCADOR 2.0 


OSINT LINUX DISTRO 


Installation Notes (2.0) 

You will need a Virtual Machine application in order to use this system. VirtualBox is free and will suffice for most investigations. Some users prefer a 
more robust option with VMWare Workstation for Windows or VMWare Fusion for Mac. Any of these options will get you started. 

VirtualBox Installation and Configuration: 

* Make sure you have latest version of VirtualBox and VirtualBox Extension Pack installed 

1) In the VirtualBox menu, click on File > Import Appliance 

2) Navigate to the OVA file that was downloaded (Buscador) 

3) Choose this file and select "Import" 

4) Before starting the new machine, highlight it and choose "Settings" 

5) Under General > Basic, rename this machine as desired (Buscador?) 

6) Under General > Advanced, change Shared Clipboard to Bi-Directional 

7) Under System > Motherboard, increase the RAM if you have ample resources (half of total system) 

8) Under Display > Screen, increase the Video Memory to 128MB is available 

9) Under Shared Folders, click the "plus" on the right, choose folder to store evidence, select "Auto-Mount" 

10) Click "OK" twice, then launch the new machine (Double Click) 

11) Upon boot, log into the user "osint" with the password of osint 

12) In the VirtualBox Menu, select Devices > "Insert Guest Additions CD Image" 

13) Click "Cancel" when the dialogue box pops up. 

14) Open Terminal (Tilex) 

15) In Terminal, Create a directory on the Desktop titled vbox: mkdir ~/Desktop/vbox 

16) Copy everything from the CD media on the Desktop to vbox folder (copy/paste) 

17) In Terminal, input the following commands: 

cd Desktop/vbox 
chmod +X *.sh 
./autorun.sh 

(type password when prompted) 

18) Allow the image to be installed, and reboot upon completion. 

19) Start the Terminal in the new VM and type sudo adduser osint vboxsf 

20) Provide the password as needed (osint) 

21) Reboot 

You should now have access to the shared directory in order to save data to the host operating system (evidence). It can be found in the File Manag¬ 
er (Flome), on the left column, titled "sf_" followed by the name of the folder to which it is connected. This shared folder will also be on your desk¬ 
top for easy access. You can make the machine full-screen, copy and paste text to and from the image, and you are ready to begin using the applica¬ 
tions. 


Support & Updates 

Open Tilix (Terminal), and enter the following commands: 
NOTE: 

Update_scripts no longer needed! 

Video Download Update: 

sudo -FI pip install -upgrade youtube-dl 

Spiderfoot Update: 
cd /opt/spiderfoot 
git reset -hard 
git pull 
sudo reboot 
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